Cause: gnupg has an internal ''ccid'' driver. This driver accesses the USB device node directly, without going through pcscd. However, gnupg's internal driver does not support the Gemalto USB reader anyway, so this message can be ignored.

+

* udev/packaging issue:

* udev/packaging issue:

<pre>udevd[273]: specified group 'pcscd' unknown</pre>

<pre>udevd[273]: specified group 'pcscd' unknown</pre>

+

+

This is unproblematic: the pcscd daemon runs as root.

+

* Should we advice to create a backup during key creation or rather not?

* Should we advice to create a backup during key creation or rather not?

* Is the passphrase only used for the backup key?

* Is the passphrase only used for the backup key?

* Is the public key also stored on the card?

* Is the public key also stored on the card?

+

+

It probably is, but there is no apparent way to obtain it. Export it to some keyserver quickly.

+

* How should the <code>url</code> configuration be set?

* How should the <code>url</code> configuration be set?

+

+

A string pointing to a URL that stores your pubkey.

+

* What is the impact of setting <code>forcesig</code>?

* What is the impact of setting <code>forcesig</code>?

+

+

If you enable ''forcesig'', you must enter the PIN for each single signature. This is recommended.

Revision as of 16:54, 18 November 2011

Contents

Prepare your Smartcard

Install the ccid package and start the pcscd daemon. Insert your smartcard reader and check the output of gpg --card-status

Creating the master key

Run gpg --card-edit. Type in admin to enabled administration functions. All available commands can now be listed by issuing the help command. Use the name and sex commands to set some unimportant meta data.

To create a new key pair just type in generate. Create a 3072 bits key and enter your data according to this example:

Open questions

Cause: gnupg has an internal ccid driver. This driver accesses the USB device node directly, without going through pcscd. However, gnupg's internal driver does not support the Gemalto USB reader anyway, so this message can be ignored.

udev/packaging issue:

udevd[273]: specified group 'pcscd' unknown

This is unproblematic: the pcscd daemon runs as root.

Should we advice to create a backup during key creation or rather not?

Is the passphrase only used for the backup key?

Is the public key also stored on the card?

It probably is, but there is no apparent way to obtain it. Export it to some keyserver quickly.

How should the url configuration be set?

A string pointing to a URL that stores your pubkey.

What is the impact of setting forcesig?

If you enable forcesig, you must enter the PIN for each single signature. This is recommended.